Chapter 2: Promoting the soundness of the banking system ... … · iv. Risk framework • The...

43Bank Supervision Department Annual Report 2010

Chapter 2: Promoting the soundness of thebanking system: Overview ofsupervisory activities

2.1 Introduction

In its 2007 Annual Report the Department provided a detailed overview of its supervisory

review process, which has been refined on an ongoing basis during the past two years to

align it with international best practice and to facilitate the effective supervision of the South

African banking sector.

In this chapter, details of the flavour-of-the-year topics covered during 2010 are provided and

the key supervisory activities of the Department relating to the Pillar 1 risk areas, namely credit

risk, market risk and operational risk are discussed. The Pillar 2 Internal Capital Adequacy

Assessment Process (ICAAP) reviews and Pillar 3 disclosure assessments performed during

the period under review are also discussed. Finally, an overview is provided of a common

scenario stress-testing exercise that was performed by the Department.

2.2 Flavour-of-the-year topics covered during 2010

Each year the Department identifies certain key topics related to the effective functioning of

banks that are then reviewed during the annual meetings held with the board and/or board

subcommittees of banks. In 2010 the following two topics were identified:

i. The functioning of the Audit Committees, and the Board Risk and Capital Committees

of banks

ii. The management and board oversight of the risks posed and the controls instigated to

mitigate the risks posed by diversified banking groups.

2.2.1 The functioning of Audit Committees, and Board

Risk and Capital Committees of banks

The Department conducted a review of the functioning of two key board subcommittees of

South African banks during the year under review. In terms of sections 64 and 64A of the Banks

Act, 1990, all South African banks are required to establish an Audit Committee, and a Risk and

Capital Management Committee. The aforementioned sections also prescribe the composition

and duties of these committees.

2.2.1.1 Functioning of Audit Committees

The functioning of the Audit Committees was reviewed with reference to the following three

categories:

i Frequency of meetings and attendance of committee members: Banks’ Audit Committees

held meetings at least four times during the financial year, with one bank having held seven

Audit Committee meetings. Generally, all committee members had not missed more than

one meeting during the financial year under review, while more than 80 per cent of committee

members had attended all meetings.

ii Items discussed and decisions made: The items on the agendas of banks’ Audit Committee

meetings were found to be relevant and sufficiently detailed, with important decisions having

been made by these committees. The items discussed included the following:

– Review and recommendation for approval of annual financial statements

– Approval of external auditors

key topics related to the effective functioning of banks

functioning of Audit Committees reviewed

Bank Supervision Department Annual Report 201044

– Updating of Audit Committee charters

– Review and approval of internal audit charters

– Discussion of audit and compliance reports

– Discussion of key bank, industry and accounting developments

– Review of regulatory interactions and outstanding regulatory requirements.

iii Significant outstanding items: Banks’ Audit Committees were found to have finalised key items on their agendas in the previous financial year. However, some bank-specific items remained unresolved, such as tax treatment of certain structured transactions; independent review of internal audit functions; review of non-core business operations; and continuous

enhancement of internal controls.

2.2.1.2 Functioning of Board Risk and Capital Management Committees

The functioning of Board Risk and Capital Management Committees was reviewed with

reference to the following four categories:

i. Frequency of meetings and committee members’ attendance: It was found that banks’ Risk and Capital Management Committees met at least four times during the financial year. The range of meetings held was quite varied across banks, in particular where smaller banks were compared to larger and more complex banks. Additional meetings mainly resulted from the more advanced risk frameworks prevalent in larger banks. Similar to the findings in respect of audit committees, all committee members were found not to have missed more than one meeting during the financial year under review, while more than 80 per cent of committee members attended all meetings. In instances where an exception to the aforementioned was noted, committee chairpersons advised that they had been provided

with valid reasons for members not being able to attend.

ii. Items discussed and decisions made: Risk and Capital Management Committees focused on a broad range of risk-related matters including, but not limited to,

a. enterprise-wide risk management frameworks;b. balance sheet and capital management;c. risk reports and dashboards in respect of key risks facing banks;d. key risk parameters and risk appetite;e. review and approval of internal capital-adequacy assessment processes; and

f. review and approval of significant risk models employed by banks.

Furthermore, these committees spent significant amounts of time on ongoing development

and training.

iii. Significant outstanding items and focus areas during 2010: Outstanding matters and focus areas during 2010 were relatively diverse, and the most significant of these included credit impairments; capital management and planning; implications of legislative changes; Basel III-

related developments; liquidity risk management; risk appetite; and volatility of earnings.

iv. Compliance with section 64A of the Banks Act, 1990: The Department also assessed the methodologies and practices employed by banks’ Risk and Capital Management Committees to ensure compliance with section 64A of the Banks Act, 1990. Banks benchmarked their methodologies and practices against each of the requirements of section 64A, thereby

evidencing their level of compliance, which the Department found to be high.

Section 64A(2)(d) requires banks to conduct an annual formal risk assessment and banks were

found to be generally compliant with this requirement. However, the formalisation of the process

was found to be an outstanding issue in certain banks.

The Department required banks to address all items where they were found not be fully

compliant with the requirements of section 64A. These matters will be followed up during the

Department’s 2011 supervisory cycle.

2.2.1.3 Conclusion

The Department found the Audit Committees, and Risk and Capital Management Committees

to be operating adequately which, in turn, contributed to the overall sound corporate governance

some bank-specific items remained unresolved

more advanced risk frameworks prevalent in larger banks

ongoing development and training

formalisation of process still outstanding


in South African banks. Notwithstanding these findings, the Department will remain vigilant in its

ongoing assessment of banks’ corporate governance practices.

2.2.2 Management and board oversight of the risks

posed, and the controls instigated to mitigate

the risks posed by diversified banking groups

The board is one of the key role players in the supervisory process, and accepts ultimate

responsibility for the risk profile of a bank and banking group. The Department therefore

regarded it essential to conduct, as part of its 2010 supervisory programme, meetings with the

boards of banks to assess their management and oversight of the risks posed, and controls

instigated to mitigate the risks posed by their diversified banking groups.

Institutions were required to address relevant aspects pertaining to the said topic during the

Department’s meeting with the boards of banks.

Diversified banking groups conduct part of their business through subsidiaries and affiliates and,

consequently, are exposed to potential, and sometimes significant, risks outside those of their

normal banking operations. Diversified banking groups could therefore incur substantial losses

stemming from entities elsewhere in the group and the size of the losses could be substantial.

Recent global experiences had also highlighted the importance of consolidated oversight by

management and the boards of diversified banking groups. The board and management of

a diversified banking group therefore need to evaluate the strength of the entire group, taking

into account all the risks that may affect it, regardless of whether these risks are carried on the

balance sheet of the bank or those of related entities.

The effectiveness of boards’ oversight of the aforementioned was reviewed with reference to

the following six categories:

i. Overall group structure

• The composition of the overall group structure split between banking, insurance and

other activities

• The major operating entities within the group.

ii. Governance

• Governance structures existing at various levels within the group, such as the board,

Audit Committee, Risk, Capital and Compliance Committee, and Remuneration

Committee

• The organisational structure of the group focusing on the key roles and responsibilities

for line management of the group and major operating entities within the group

• The extent to which specialist knowledge exists within the board of the group that is

commensurate with the complexity and nature of risks undertaken by the group

• The process followed by the board to apprise itself of material issues within the group

entities

• Materiality levels within the group.

iii. Risk appetite and risk tolerance

• The diversified banking group’s risk appetite statement and tolerance levels, and the

extent to which the risk appetite statement and tolerance levels are incorporated into

other major group operating entities

• Examples evidencing the extent to which risk appetite and tolerance levels have been

breached due to exposures outside the bank.

iv. Risk framework

• The establishment of an enterprise-wide risk management framework within the group

• The implementation of an integrated risk measurement and management framework for

credit, market, operational and other risks

• The organisational structure of the group focusing on the key roles and responsibilities

for risk management of the group and major operating entities within the group

• Future enhancements to be made to the group risk management framework.

diversified banking groups could incur substantial losses


v. Risk assessment

• The aggregation of risk exposures and the subsequent reporting to the board

• Examples of the extent to which other risk exposures originating from outside the bank

have been highlighted to the board and the actions taken

• The contribution to group net income before taxation by each of the major entities within

the group.

vi. Information technology

• The adequacy of the IT to facilitate the production of adequate, reliable and timely

management information at group and at major operating entity levels

• Identified enhancements to be made to the group IT infrastructure.

The exercise proved to be useful in focusing the attention of boards on the spread of activities

being undertaken across groups. In general, boards appeared to have a grasp on the larger

group activities but were somewhat unsighted on the precipitation of a myriad of smaller group

interests or entities and on geographic (global) spread. Accordingly, some boards have agreed

to devote quality and quantity time during 2011 to gaining a better understanding of all levels

of group activity from a complexity, necessity, risk and geographic (global) spread perspective.

Attempts will be made to streamline and downsize structures where appropriate.

2.3 Credit risk

2.3.1 Introduction

Banks in South Africa can select from a menu of approaches to calculate their minimum required

regulatory capital relating to credit risk for Pillar 1. These approaches include the standardised

approach (STA), which also incorporates a simplified standardised approach, and two models-

based approaches (MBAs). The MBAs comprise the foundation internal ratings-based approach

(FIRB), in terms of which certain model parameters are specified by regulation, and the AIRB in

which banks model the parameters. The proportion of banks registered in South Africa using

the aforementioned approaches is depicted in Figure 2.1.

During the year under review, the Department continued to perform both compliance-based

and prudential supervision of banks, specifically focusing on banks’ credit risk profiles and

portfolios that were, and continue to be, impacted by adverse market conditions and strained

economic activity. The work carried out covered the following:

• Quantitative analysis of regulatory reporting

• Review of self-assessment templates submitted by banks

exercise focused the attention of boards on the spread of activities being undertaken across groups

the Department continued to perform both compliance-based and prudential supervision of banks

Locally registered banks

13

1

3

Standardised approach (STA)

Foundation internal ratings-based (FIRB)

Advanced internal ratings-based (AIRB)

Branches of international banks

Figure 2.1 Reporting methods approved by the Registrar of Banks

1

12


• Focused reviews of banks’ compliance with requirements for use of the IRB approach for the

calculation of minimum required regulatory capital relating to credit risk for Pillar 1

• Processing of applications submitted by banks for the implementation of new or revised

models and rating systems

• Focused reviews of banks’ compliance with requirements for use of the STA for the

calculation of minimum required regulatory capital relating to credit risk for Pillar 1

• Reviews of long-form reports by auditors relating to details in models used by banks with

approval to use the FIRB or AIRB approaches

• Assessment of the suitability of rating agencies to provide ratings as a measure of the

creditworthiness of banks’ assets.

2.3.2 Quantitative analysis of regulatory reporting

In the course of the Department’s ongoing analysis of bank data and its risk-based supervisory

interactions with banks, it became evident that banks had applied differing interpretations

to some key aspects of the credit risk regulations. This resulted in inconsistencies that

negatively affected trend and peer-group analyses. Some of these issues were reported in the

Department’s 2009 Annual Report, with specific reference to the credit risk survey that was

conducted. However, additional issues arose in 2010.

During 2010, the Department focused significant supervisory resources on addressing

reporting inaccuracies, interpretive matters and other areas where banks required specific

guidance. The Department held numerous technical discussions with banks and with their

external auditors in the form of workshops and meetings of the Credit Risk Business Forum.

These deliberations, together with feedback received from the World Bank and IMF delegation,

culminated in the formulation of policy on the preferred reporting on some line items, risk

weights and other technical matters. The resulting refinements have been published in the form

of Banks Act circulars and directives, and have been included in the proposed amendments to

the Regulations relating to Banks.

2.3.3 Review of self-assessment templates

submitted by banks

Banks that have acquired approval from the Registrar to report credit risk according to one of

the IRB approaches are continually assessed to determine their level of compliance with the

Regulations relating to Banks.

The IRB banks are required to complete and submit a self-assessment based on the Regulations

relating to Banks on an annual basis. The primary purpose is for both the bank and the

Department to become aware of areas of non-compliance, and to ensure that the necessary

steps are taken to address weaknesses identified.

During 2010, four domestic banks and one branch of an international bank submitted self-

assessment templates on their compliance with the credit risk regulations, based on data

for December 2009. The submissions were assessed and reviewed to identify gaps and

exceptions as defined in the 2008 Annual Report (pages 23 and 24). The gaps and exceptions

are addressed as part of the Department’s ongoing supervisory process.

2.3.4 Identified gaps

Some banks did not complete all the required sections in the self-assessment template.

2.3.5 Identified exceptions

The following common exceptions were identified:

• Scope of documentation: Rating systems design and operational details for some banks are

not properly documented

banks applied differing interpretations to some key aspects of credit risk regulations

IRB banks completed self-assessments based on the Regulations


• Retrospective reallocation requirement: Processes for obtaining and updating relevant and

material information on borrower financial conditions and facility characteristics to support

internal credit risk measurement and management processes still require improvement in

some banks

• Board and senior management responsibilities: The monitoring and reporting of rating

systems to the board and senior management require improvement in some banks

• Annual review of risk ratings: Some of the banks did not conduct the required annual review

of assigned borrower and facility ratings

• Requirements specific to PD, LGD and EAD estimates: Several banks still lack sufficient data

history required to estimate internal risk parameters.

2.3.6 Revision of self-assessment templates

For the 2011 submission of the self-assessment templates (based on December 2010 data), the

Department compared the self-assessment templates with those of other regulators and their

processes. Consequently, the following changes were made:

• The number of schedules was reduced from five to three

• Additional information was required on Schedule 1: Risk rating system summary.

2.3.7 Focused reviews of IRB requirements for credit risk

A number of focused on-site credit risk reviews were carried out during 2010 that spanned

selected retail and wholesale portfolios. The purpose of the on-site reviews was, among other

things, to determine whether the credit risk management practices of banks were sound,

whether the models remained fit for purpose and that adequate levels of capital were held for

credit risk. The Department continued to follow a risk-based approach in selecting portfolios to

be reviewed, and focused on the following:

• Model governance processes, specifically relating to prescribed annual validation and board

oversight

• Composition of selected portfolios, lending strategy and risk appetite (with specific reference

to documentary evidence of its existence and use)

• Review of management information reports used for credit risk management

• Review of rating system outputs including stability tests, backtesting results and other

ongoing monitoring and validation results.

2.3.8 Key findings

• Governance of model validation: In certain banks the process for escalating issues to the designated committee or board required improvement. The Department regards effective board oversight of the approval of all material aspects of a bank’s rating and risk estimation processes essential for good corporate governance. Consequently, the qualifying criteria in

the Regulations relating to Banks for the designated committee were amended to stipulate that the designated committee should be a subcommittee of the board. This amendment

has been incorporated in the proposed amended Regulations relating to Banks.

• Annual validation of models: It is the Department’s view that appropriate processes and clearly documented policies are fundamental to effective IRB implementation. Most of the banks with IRB approval have revised their validation frameworks to incorporate additional qualitative and quantitative aspects. Certain banks had not managed to conduct the prescribed annual validation on all their portfolios. However, action plans existed to remove the backlog during 2011. Banks were reminded that removing the backlog should not come at the expense of the depth and quality of the independent reviews, annual validations or the ongoing monitoring of the rating systems. Even though significant progress regarding documentation standards was evident, the Department expects banks to remain focused on improving the processes surrounding validation.

• Backtesting: As stated in the 2009 Annual Report, one of the issues identified to receive particular attention during 2010 was backtesting of credit risk models. In the assessment of the banks’ backtesting frameworks and methodologies, the Department ascertained that banks had performed limited out-of-time backtesting on the rating system parameters. Given the importance of backtesting, this will remain a focus area for 2011.

risk-based approach followed to select portfolios

qualifying criteria for designated committee amended

banks to remain focused on improving the processes surrounding validation


• Level of compliance in terms of IRB requirements: The Department assessed the level of

compliance with the minimum IRB requirements during on-site visits. The following instances

of non-compliance were noted and will receive specific attention during 2011, in order to

monitor progress and ensure full compliance:

– Deviation from the strict application of the firm-size adjustment in accordance with the

provisions of the Regulations relating to Banks, that is, the application of the formula to

adjust the corporate risk-weight formula for exposures to small and medium enterprise

(SME) borrowers

– Incorrect classification and, in certain instances, a failure to report specialised lending

portfolios, especially the reporting of high-volatility commercial real-estate exposures

– Use of models to calculate expected loss and minimum required capital and reserve funds

without obtaining prior written approval from the Department

– Outdated reviews of assigned borrower and facility ratings, that is, ratings assignments

that were older than one year.

• Data quality: Banks continually strive to improve data quality. For most of them a data

governance framework existed with dedicated data management teams. Significant

progress was evident in the form of initiatives implemented to address issues highlighted

during data quality reviews and/or internal audits of data quality.

2.3.9 Processing of applications by banks to implement

new or revised models and rating systems

As regards the lifecycle of credit risk models, the Department anticipated that most banks

would focus on refining and redeveloping their rating systems roughly two years after the

implementation of Basel II in South Africa. During 2010, this transpired, with a significant number

of applications reaching the Department for approval to use revised rating systems to calculate

the minimum regulatory capital requirement for credit risk.

Significant rating system changes in many cases resulted in a decrease in the regulatory capital

requirement. The reasons for rating system changes included the following:

• Philosophy redesign: As the performance of models deteriorated, the need for redevelopment

increased.

• Development of own downturn LGD estimates: As downturn data was not readily available

to banks when models were first implemented, the Department allowed banks to use a proxy

for downturn LGD estimation, commonly referred to as the ‘Federal Reserve formula’, but

encouraged banks to derive their own estimates of downturn LGD. During 2010, banks used

the data collected during the recent downturn to estimate their own downturn LGD.

• Recalibrations using downturn data: Banks’ data history tended to be biased towards benign

periods of the cycle, and several recalibrations led to increased capital requirements with the

addition of downturn data.

• Removal of conservatism: Banks continued to lower the conservatism that originally

characterised their models, using data collected during the downturn period as motivation

that their models no longer required additional conservatism.

• Migration of portfolios from FIRB and STA to AIRB: Banks migrated smaller portfolios from

FIRB and STA approaches to the AIRB approach as they built up sufficient data history and/

or expertise in creating rating systems.

As reported in the 2009 Annual Report, the Department follows a formal approval process

to review material internal model changes or developments that fall outside the scope of the

original approval granted for use of an IRB approach prior to implementation (based on the

banks’ communication policy with the Department). Some of the applications for approval of

materially changed models were declined. In certain instances approval for using credit risk

models was based on, among other things, the following conditions:

• Additional capital requirements in terms of regulation 38(4) of the Regulations relating to

Banks, so-called Pillar 2b criteria

• Requirements for independent validation and the implementation of monitoring processes

within a prescribed period.

instances of non-compliance were noted

revised rating systems to calculate the minimum regulatory capital requirement for credit risk


2.3.10 Focused reviews of banks’ compliance with

requirements for use of the STA for the

calculation of minimum required regulatory

capital relating to credit risk for Pillar 1

It was reported in the 2008 Annual Report that the Department’s Review Team had commenced

with a project that entailed a review of the implementation by banks of STA for the computation

of regulatory capital in respect of credit and counterparty exposures. This project was continued

during 2010 and will be completed in 2011.

The reviews were risk-based and focused on assessing the degree of compliance by each bank

with the requirements of the Regulations relating to Banks. In particular, the reviews assessed the

correctness of the risk weights applied by banks in the calculation of their minimum required capital

and reserve funds relating to credit risk, and the reasonableness of the credit risk classifications

used. Where credit risk mitigation was taken into account, an evaluation was done of the eligibility

of the credit-risk mitigation instruments, the methodology employed and compliance with the

credit-risk mitigation policy. The same criteria were applied in the review of all banks but the

methodology was adapted to allow for the size of the bank and the processes implemented.

Most of the banks have been reviewed and the conclusion reached is that they have been

diligent in their implementation of STA and have, generally, complied with the requirements

of the Regulations relating to Banks. There was no common thread in the findings, although

some aspects of the STA, for example, the use of the international credit risk rating scales;

credit policies not incorporating the criteria for risk mitigation set out in the Regulations relating

to Banks; intangible assets not being deducted from capital and reserves; and the incorrect

treatment of derivative and securities financing transactions were prevalent.

The findings of the reviews were communicated to the senior management of the banks

concerned and their concurrence with, and a commitment to, rectifying the identified issues

were obtained. The rectification of the issues was followed up in the course of the supervisory

process and most issues have been resolved.

2.3.11 Long-form reviews

As a result of South Africa’s implementation of Basel II and the consequential amendments to

the Regulations relating to Banks, which provided the Registrar with the option to permit banks

to use the IRB approaches for credit risk, external auditors were confronted with increased

reporting duties relating to banks’ use of internal credit models for regulatory capital purposes.

This resulted in the external auditors and the Department commencing discussions on the

scope of work required from the external auditors as far as it related to banks’ IRB credit models

and external auditors’ reporting duties to the Registrar.

In addition to the aforementioned, new requirements in auditing standards and the level of

assurance to be provided by external auditors made it necessary for banks’ external auditors to

assess and revisit the levels of assurance to be provided to the Registrar on the directives in the

Regulations relating to Banks as far as they related to IRB credit risk models.

Discussions on the reporting duties of external auditors and the type of assurance to be provided

on IRB credit risk models used, began as far back as 2007. After several months of discussions,

the Department and the external auditors agreed on the level of assurance to be provided by

the external auditors of banks to the Registrar, the attestation procedures necessary to assess

banks’ compliance with the applicable directives in the Regulations relating to Banks, and the

format for reporting findings to the Department. These specific reviews on banks’ IRB internal

credit models are commonly referred to as ‘long-form reviews’.

The first cycle of long-form reviews commenced in 2009 with the external auditors reporting

their findings to the Department when reviews on specific models were completed. The external

reviews assessed the correctness of risk weights applied by banks

increased reporting duties relating to banks’ use of internal credit models


auditors requested that, for the first cycle of long-form reviews, the reviews concentrate on the

same or similar asset classes in the IRB banks. The Department directed the auditors initially

to address all highly significant or material asset classes in the scope of the long-form reviews,

namely those portfolios that covered the following:

• Residential mortgage exposures

• Commercial property finance exposures

• Corporate exposures, including SME corporate and specialised lending exposures.

The ultimate aim of the long-form reviews was to report on the accuracy and completeness of

banks’ calculation of the following IRB parameter estimates:

• PD estimates

• LGD estimates, including adjustments

• EAD estimates

• Risk-weighted exposure amounts

• Amount of required capital and reserve funds relating to credit risk

• Related amounts of capital impairments

• Amounts of expected losses.

Reports emanating from the initial long-form reviews for the IRB banks were submitted to the

Department during 2010 and the findings were discussed with the banks. Consequently, the

Department requested banks for which deficiencies were evident to provide and commit to

action plans to address outstanding weaknesses.

2.3.12 Developments in respect of rating agencies

International bodies such as the Basel Committee and the FSB have raised concerns about

the over-reliance of banking regulators and banking legislation on the use of external ratings

issued by approved rating agencies. Such concerns were evident in the Basel Committee’s

October 2010 press release, which indicated a need for a review of the use of rating agency

ratings, specifically in the securitisation capital framework. This view was echoed by the FSB

in its October 2010 publication titled Principles for Reducing Reliance on Credit Rating Agency

Ratings. The ultimate aim of these international bodies is for banking regulators to become less

reliant on the use of external ratings in banking legislation.

The Department decided not to take any immediate action on the use of eligible rating agencies

and external ratings in its regulatory framework, beyond the existing levels of scrutiny and

interactions with these agencies until such time that the Basel Committee has issued a formal

framework or a formal stance on the future use of rating agency ratings in banks’ regulatory

capital calculations.

2.4 Market risk

2.4.1 Introduction

The year 2010 reflected evidence that a global recovery had begun after the financial crisis,

albeit on an uneven basis. Consistent with other emerging-market economies, the South

African markets showed signs of recovery. Nevertheless, levels of market risk in South African

banks continued to follow the reduction in volatility that was present in the secondary markets

for the most part of 2010.

2.4.2 Market risk regulatory reporting methods

The Regulations relating to Banks include two alternative reporting methods for market risk,

namely the

i. models-based internal models approach (IMA); and

ii. standardised approach.

long-form reviews to report on the accuracy and completeness of banks’ calculation of IRB parameter estimates

concerns about over-reliance on the use of external ratings

reduction in volatility in secondary markets


Under approved circumstances, banks are also permitted to apply a combination of standardised

and models-based reporting. As at the end of 2010 five of the thirty banks with market risk had

permission to report according to the IMA.

2.4.3 Market risk reviews and key findings

Market risk reviews conducted in 2010 by the Department concentrated on banks with approval

to use IMA for regulatory reporting. The Department received one application for use of the

IMA. The application and approval processes were similar to those conducted in the previous

years. The approval process included usage of a questionnaire, off-site analysis of the bank’s

information submission and an on-site review. The applicant was granted approval to adopt the

IMA for the period beginning 1 January 2011.

The Department continues to conduct annual and quarterly reviews of the trading activities

of IMA banks to assess their suitability to continue using the IMA. These reviews focused on

changes in the sources of risk facing banks and their reaction in the form of changes to strategy,

products, systems, structure, risk limits and capital. The recent performance of trading income

generation and effectiveness of risk controls are also examined. The reviews complemented the

data already received by the Department in the form of regulatory returns and other prudential

requirements of IMA banks, such as monthly submissions of backtesting and stress-testing

results. A total of 18 on-site meetings in the form of IMA annual reviews, new application and

quarterly reviews were conducted during the 2010 calendar year.

The operational issues that resulted in poor performance of the VaR model at certain banks in

the previous year were resolved, and the multiplication factor used to prescribe the amount of

capital a bank is required to hold was lowered for the affected banks. The trading operations

of many banks struggled to meet revenue targets during the year due to lower market activity

and reduced volatility experienced for most of the 2010 calendar year, with the exception of the

last quarter.

Banks’ exposures to equities that are generally held for investment purposes are included

in the banking book for accounting purposes. From a regulatory perspective, they receive

capital treatment that is independent of the market risk charge, and is more punitive, with

the risk weighting ranging between 100 and 400 per cent. Fifteen banks reported exposures

of this nature in the course of 2010. Capital charges under these regulations contributed to

approximately 4,99 per cent of banks’ total capital requirements. For supervisory purposes,

equity risk is overseen alongside market risk. Capital held for market risk made up about

2,25 per cent of the total capital requirement for the banking sector during the year.

2.4.4 Thematic review on liquidity risk management

In terms of the supervisory programme and the methodologies employed for the achievement

thereof, the Department initiated a thematic review that addressed aspects pertaining to sections

79(1)(c) and 79(2) of the Banks Act, 1990, and regulation 26(13) of the Regulations relating to

Banks. According to section 79 of the Banks Act, 1990, a bank shall not issue negotiable

certificates of deposit (NCDs), promissory notes (PNs) or instruments of a similar character in

excess of a percentage as specified in the Regulations relating to Banks. The objective of the

review was to establish whether banks issued these instruments and whether they complied

fully with the aforementioned regulation.

A questionnaire addressing the above-mentioned requirements was submitted to banks for

completion. Information requested by the Department via the questionnaire was complemented

with information obtained from regulatory returns for off-site analysis purposes. In addition,

external auditors were required to attest to the accuracy of the information contained in the

responses to the questionnaire to ensure that all the information was presented correctly and

completely in all material respects.

market risk reviews concentrated on IMA banks

market risk capital made up about 2,25 percent of the total capital requirement


The results of the review were used to obtain a better understanding of the reporting on the

regulatory returns and to formulate possible amendments to the Regulations relating to Banks.

Generally, banks in South Africa either directly or indirectly address the relevant matters

associated with the issuance by a bank of the above-mentioned instruments. However, the study

revealed that banks should pay additional attention to ensuring that policies and processes

are developed to enhance monitoring and control and, ultimately, the liquidity risk emanating

from the issuance of such instruments. The Department acknowledges that the South African

financial sector faces structural funding challenges which may affect the way in which banks

fund their businesses. Banks are encouraged to pursue appropriate combinations of funding

strategies taking cognisance of the term ‘structure’ and concentration risks associated with

stressed circumstances.

Further work in this area will continue during 2011 in the form of a review that will be conducted

by external auditors against particular criteria. The additional work will only be conducted for

specific banks.

2.4.5 Participation in liquidity risk simulations

During 2010, the Department participated in liquidity risk simulation exercises at banks,

which were facilitated by an independent external party. As is common knowledge, the

recent international financial turmoil has proved that the importance of proper liquidity risk

management within a formalised risk framework, commensurate with the nature and scale of

business conducted by banks, has been underestimated. Representatives of the Department

fulfilled the role of observers during these exercises.

The simulation exercises were based on a range of bank-specific balance-sheet and liquidity

crisis simulation exercises, customised to meet banks’ unique situations and the respective

balance-sheet and crisis management teams’ learning objectives. The aim was also, among

other things, to allow participating banks to further enhance their resilience to liquidity stress in

real-life scenarios, and to identify weaknesses and flaws in liquidity contingency plans. Although

planning and preparedness are extremely important, testing under stress scenarios is arguably

the most important component of a bank’s liquidity contingency planning.

It became clear that the real-life scenarios not only challenged experienced crisis and liquidity

management teams, but also effectively tested their respective liquidity risk and crisis management

plans. A secondary advantage of the simulation exercises related to the opportunity for banks’

executive teams to review their own crisis management actions under liquidity stress scenarios,

and to ascertain whether key staff members understood the crisis risk management processes

and their respective roles. It was, from the Department’s perspective, interesting to observe how

these teams co-ordinated with one another, and gave the management teams a sense of their

banks’ overall control and communication challenges. Furthermore, crisis management teams had

the opportunity to learn how to test their own crisis and liquidity stress management processes,

and how to operate effectively with one another under challenging circumstances.

From the outset, the liquidity simulation exercises were extremely useful since they focused

on testing key liquidity management components, such as banks’ risk strategies and profiles;

the nature of business and asset types; funding strategies; the measurement and modelling of

maturities; stress testing; and the availability of liquidity buffers, to name but a few. Furthermore,

the exercises also focused on concentration risks, the quality and availability of management

information, skills in the treasury and balance-sheet management functions, cost and revenue

optimisation, and liquidity contingency planning.

Participants reported that they found the said simulation exercises extremely useful, that, they

highlighted areas in which they could improve, and that they demonstrated the need for robust

and conservative liquidity risk management planning. In conclusion, the Department is of the

opinion that liquidity risk simulation exercises are extremely valuable and useful, and that they

facilitate the enhancement of banks’ respective liquidity risk management frameworks.

the South African financial sector faces structural funding challenges

proper liquidity risk management has been underestimated

crisis management teams test crisis and liquidity stress management processes

liquidity risk simulation exercises extremely valuable


2.4.6 Review of exposure to Portugal, Ireland, Italy,

Greece and Spain

The fear that the sovereign debt crisis in Europe, which affected Portugal, Ireland, Italy, Greece

and Spain (PIIGS), would negatively impact the South African banking sector resulted in the

Department reviewing South African banks’ exposures to PIIGS in all asset classes. The results

of the analysis of exposures provided no evidence to suggest that the banking-sector exposure

to PIIGS was significant or warranted concern.

2.4.7 Review of reporting methodologies for equity risk

in the banking book

During 2010, a review of the reporting methodologies utilised for reporting equity risk in the

banking book on form BA 340 was conducted. Regulation 31 of the Regulations relating to Banks

allows various methodologies to be adopted. The methodology used by a bank is required to be

appropriate to the nature of its business and the complexity of its operations. The Department’s

off-site industry-wide analysis revealed that certain banks were using inappropriate reporting

methodologies, given the nature and complexity of their business operations. The relevant banks

were requested to change their reporting methodologies to those that were more appropriate,

given their own circumstances. This resulted in the affected banks being required to allocate

increased capital for equity risk in the banking book.

2.5 Operational risk

2.5.1 Introduction

Operational risk is inherent in all banking products, services and activities, and the effective

management of operational risk has always been a fundamental element of banks’ risk

management programmes. As a result, sound operational risk management is a reflection of

the effectiveness of the board and bank’s management in administering its portfolio of products,

services and activities. Effective operational risk response is not only about proactively reducing

the downsides associated therewith, but also about seizing the opportunities for innovation and

growth that may arise.

Similar to natural and human-induced disasters, most people largely ignore operational risk until

it happens. Operational risk has to be minimised, whereas credit and market risk is normally

optimised. Operational risk is the risk of loss resulting from failed or inadequate processes,

people, systems and external events. Accordingly, the Department continued to promote and

enhance the effectiveness of operational risk management at banks and banking groups since

it contributes to enhancing the soundness of the banking system.

In line with the Department’s supervisory review programme, a risk-based approach has been

applied to the review of banks’ operational risk. The Department recognises the principle of

proportionality; in other words, the nature and extent of the operations and exposure of a

bank or controlling company that will influence the nature, timing and extent of operational risk

management within a bank or banking group. The bank and controlling company should have

in place risk management policies and processes to identify, assess, monitor and control or

mitigate operational risk. These policies and processes should be commensurate with the size

and complexity of the bank and controlling company.

The work performed during the year can be summarised in the following categories:

• Focused operational risk reviews

• Processing of new applications

• Involvement in drafting operational risk consultative papers issued by the Basel Committee.

banking-sector exposure to PIIGS not significant

certain banks used inappropriate reporting methodologies

policies and processes should be commensurate with the size and complexity of the bank


2.5.2 Focused operational risk reviews

A number of focused operational risk reviews were carried out during the year. The purpose of

the reviews was, among other things, to determine whether banks had in place risk management

policies and procedures to identify, assess, monitor and control or mitigate operational risk, and

if banks that were using one of the four approaches for calculating operational risk capital,

namely the AMA, TSA, the alternative standardised approach (ASA) or the BIA are meeting the

qualifying criteria, and qualitative and quantitative standards.

The reviews were conducted in line with the risk-based supervision approach and the principle

of proportionality as discussed earlier. A high-level example of the most prominent topics

addressed during 2010 is as follows:

• Review of the management information reports or “dashboards” used for operational risk

management on a group consolidated, bank, major subsidiary and material business unit

level.

• Update and review of outsourcing and business continuity.

• Review of the alignment of the group strategy with the operational risk appetite statement.

• AMA banks and the AMA applicant were requested to demonstrate the use of the operational

risk management framework and the operational risk measurement system.

• Findings of banks’ internal audit regarding scenarios.

• Discussion of internal and external audit reports issued during the banks’ 2009/10 financial

year related to operational risk management.

The main findings from reviews are as follows:

2.5.2.1 Quality of the operational risk management information reports

The Department encouraged banks (refer to the Annual Report 2009 Bank Supervision

Department: pages 55–56) to improve the qualitative characteristics (i.e., reliability,

relevance, comparability and understandability) of the operational risk management reports

on a consolidated, subsidiary and business unit level. Qualitative characteristics are those

attributes that make the information provided in operational risk management reports useful. If

comprehensive and useful information does not exist, managers may not be aware of the true

operational risk condition of their bank and key governance players may be misled.

The scope of operational risk is broad and the base of operational risk management is wide.

Operational risk should therefore not be viewed in isolation. A sound practice for senior

management to follow is to ensure that staff responsible for managing operational risk co-

ordinate and communicate effectively with staff members responsible for managing credit, and

market and other risks, and with those in the bank who are responsible for the procurement of

external services such as insurance risk transfer and outsourcing arrangements. Failure to do

so could result in significant gaps or overlaps in a bank’s overall risk management programme.

The operational risk management function should be able to consolidate detailed information

at business unit or divisional level in a meaningful way for senior managers to assess and then

determine what action to take.

During 2010, banks made good progress towards improving the quality of operational risk

reporting.

2.5.2.2 Outsourcing and business continuity

The Department was satisfied with the overall work completed by banks relating to outsourcing,

business continuity planning and disaster recovery planning. In a limited number of isolated

cases, the Department noted instances where no disaster recovery facilities were in place

for certain subcomponent parts of a business unit and where the test simulations were not

satisfactory. These banks were requested to supply the Department with a progress report,

including timelines, to finalise all issues in the business units related to disaster recovery.

operational risk should not be viewed in isolation

focused operational risk reviews


2.5.2.3 Alignment of the group strategy with the operational risk appetite statement

Operational “risk appetite” is a high-level determination of the types of risk a bank is willing to

accept, taking into account the risk/return attributes. Risk appetite is associated with strategy,

such as the decision to enter the payments and settlements business. Operational “risk

tolerance” is a more specific determination of the type or amount of risk a bank is willing to

accept in relation to a business strategy, such as the payment activities, types, or products the

bank is willing to entertain. Risk appetite and tolerance statements may be combined.

The discussions held between the banks and the Department did not focus on the differences

between the tolerance and the appetite for operational risk. In order to stimulate discussion

around the operational risk appetite statement (ORAS) , banks were requested to demonstrate

and/or explain the following:

• How did the board (or a board subcommittee) monitor adherence to ORAS

• Clear and measurable triggers form part of the ORAS or operational risk tolerance that

results in remedial action

• ORAS considers all relevant risks, including risk aversion, the current financial situation, the

business environment and the group’s corporate culture and strategic direction.

Since operational risk is evolving, the setting and reviewing of ORAS is not as yet a well-

established practice. More time, development and maturity of banks’ operational risk

management frameworks will be required to set and embed operational risk appetite.

2.5.2.4 The demonstration of the use of the operational risk management framework and operational risk measurement system

An AMA banking group is required to develop an operational risk management framework

(ORMF) that enables management to manage and measure operational risk effectively.

The ORMF consists of operational risk organisational and governance structures, policies,

procedures and processes, and systems a bank uses in identifying, assessing, measuring,

monitoring, controlling and mitigating operational risk. A banking group’s operational risk

measurement system (ORMS) consists of the systems and data used to measure operational

risk in order to estimate operational risk regulatory capital.

The level at which the broader ORMF processes and practices have been embedded at all

organisational levels across a bank is referred to as ‘embeddedness’. The embeddedness

assessment is based on the supervisory review of management’s judgement and decision-

making, and is broader than a “point-in-time” assessment. Clearly, when it is used in decision-

making over a sustained period, it can add to a demonstration of the level of embeddedness,

and the concept should not be regarded as a one-off, single-point-in-time test. The requirement

is ongoing and a bank will need to ensure that its ability to demonstrate embeddedness is not

adversely impacted by change, for example, in staff, products, processes or environment.

A bank must meet the use and embeddedness requirement at the time of the initial AMA

assessment, and on an ongoing business-as-usual basis. In the business-as-usual context,

it is expected that the ORMF will be updated regularly, and evolve as more experience in the

management and quantification of operational risk is gained.

The Department was satisfied that AMA banks’ business entity or unit heads and responsible

staff had a working knowledge of the ORMS methodology (i.e., it was not regarded as a “black

box”) and ORMF.

more development and maturity of operational risk management frameworks required

embeddedness assessment of management’s judgement and decision-making


2.5.2.5 Banks’ internal audit findings regarding scenarios

The Department requested the AMA banks’ Internal Audit Departments to include in their audit

programmes for 2010 an audit of the design and operating effectiveness of scenario policies

and procedures. The Department required that this audit include the documentation of the

scenario elicitation process, the completeness of the scenario results and the transparency of

the underlying processes used. The results of the audits were discussed with the banks involved.

As a result of the internal audit reports, the Department required banks to strengthen the

• attendance of scenario workshops and enhance the governance over the approval of

scenarios; and

• challenge of scenarios, where scenario severities were decreased without substantiating

documentation or were in conflict with the current control environment.

2.5.2.6 Discussion of internal and external audit reports

The board of directors of a bank should ensure that the bank’s operational risk framework is

subject to effective independent review by audit. Audit coverage should be adequate to verify

independently that the bank’s operational risk framework has been implemented as intended

and is functioning effectively. The Department included the following during the focused

operational risk reviews:

• Discussion of group internal audit reports issued during the banks’ 2009/10 financial year

related to operational risk management. Not only operational risk-specific audits were

included in the discussions, but also audits where operational risk-related issues were the

cause of unsatisfactory opinions.

• Discussion of issues raised by the banks’ external auditors in reports to management during

the interim and year-end audit that are related to operational risk.

The discussions contributed to the information-gathering process and supervisory review and

evaluation process.

2.5.3 Addressing shortcomings or weaknesses

and implementing improvements

For the limited number of cases where the Department was not satisfied with the level, status,

sophistication or practical application of operational risk management, the banks concerned

were requested to address shortcomings or weaknesses and implement improvements. These

banks provided the Department with feedback on a regular basis and the Department is

comfortable with the progress made.

2.5.4 The processing of new applications

The Department received one application from a banking group to adopt a more appropriate

and sophisticated approach to calculate the operational risk exposure and regulatory capital.

The application was in respect of AMA. The application and approval processes were similar

to those followed in the previous years (please refer to the Annual Report Bank Supervision

Department 2007: pages 33, 34). The applicant banking group was granted approval to adopt

the mentioned approach.

2.5.5 Status of banks per operational risk approach

As at the end of 2010, the number of banks that was using the respective approaches for

operational risk was as follows:

audit coverage should be adequate

application to adopt a more sophisticated approach to calculate operational risk exposure and regulatory capital


The difference in the number of banks-per-capital approach between 2010 and 2009 is

attributable to the one bank moving from TSA to AMA and another, namely Imperial Bank

Limited, being deregistered in 2010.

2.5.6 Operational risk consultative papers issued by the

Basel Committee

The Department continually monitors developments with regard to operational risk. In this regard

the Basel Committee issued two consultative documents on operational risk in December

2010, namely “Sound Practices for the Management and Supervision of Operational Risk” and

“Operational Risk: Supervisory Guidelines for the Advanced Measurement Approaches”.

“Sound Practices for the Management and Supervision of Operational Risk”7 updates the

Basel Committee’s 2003 paper on this topic. The updated version highlights the evolution

of operational risk management since 2003, and is based on best industry practice and

supervisory experience. The Basel Committee anticipated that industry sound practice would

continue to evolve, and banks and supervisors have expanded their knowledge and experience

in implementing operational risk management frameworks. A range of practice reviews covering

governance, data and modelling issues, loss data collection exercises, and QISs have also

contributed to industry and supervisory knowledge, and the emergence of sound industry

practice. The principles outlined in the paper are discussed in the context of three overarching

themes: (i) governance, (ii) risk management and (iii) disclosure.

The Basel Committee also issued for consultation a paper titled “Operational Risk: Supervisory

Guidelines for the Advanced Measurement Approaches”.8 The regulatory capital-adequacy

framework envisages that, over time, the operational risk discipline would continue to mature and

converge towards a narrower band of effective risk management and measurement practices.

The guidance seeks to achieve this better by setting out supervisory guidelines. Consistent with

SIGOR’s mandate, this paper identifies supervisory guidelines associated with the development

and maintenance of key internal governance, data and modelling frameworks underlying an

AMA. Because operational risk is an emerging discipline, this paper is intended to be an

evergreen document and, as further issues are identified and expectations for convergence

towards a narrower range of appropriate practices are developed, they too will be added to

the document. This paper does not reduce or supersede the discretion of national supervisors

to act in a manner that is consistent with their particular regulatory approaches. Rather, the

7 Available at http://www.bis.org/publ/bcbs183.htm.

8 Available at http://www.bis.org/publ/bcbs184.htm.

industry sound practice would continue to evolve

convergence towards a narrower band of effective risk management and measurement practices

December 2009

Advanced measurement approach 2

Alternative standardised approach 2

The standardised approach 10

Basic indicator approach 17

December 2010

Figure 2.2 Number of banks per operational risk approach

Advanced measurement approach 3

Alternative standardised approach 2

The standardised approach 8

Basic indicator approach 17


publication of this paper is intended to facilitate a convergence of practice by banks and national

supervisors. Furthermore, while the status of banks accredited to use an AMA framework will

not be affected by the observations and conclusions of this paper, some AMA banks may need

to amend their practices to reflect the paper’s contents.

The aforementioned two proposals are also likely to have an impact on the current regulatory

and supervisory framework in South Africa, particularly relating to operational risk management.

Furthermore, as a member of the Basel Committee, South Africa would be expected to adopt

the proposals once they have been finalised.

South African banks were invited to respond to these proposals, highlighting any practical

difficulties foreseen or potential effects on both themselves and the general banking sector that

would require some consideration from the Basel Committee.

2.5.7 Conclusion

Although the Department is satisfied with the management of operational risk from a sectoral

perspective, there is room for improvement. Banks were, yet again, encouraged to monitor the

ongoing move of operational risk towards the act of managing risk rather than merely keeping

score. Because operational risk management is evolving and the business environment is

constantly changing, management should ensure that operational risk policies, processes

and systems remain sufficiently robust. Improvements in operational risk management will

depend on the degree to which operational risk managers’ concerns are considered, and

the willingness of senior management to act promptly and appropriately on their warnings. A

constant challenge for management is to validate that sufficient assurance can be placed on

the design and operating effectiveness of the operational risk framework, policies, procedures

and internal controls to identify, assess, monitor and control or mitigate operational risk to which

the entity is exposed.

2.6 Pillar 2: Capital management

2.6.1 Introduction

As stated in the Department’s 2009 Annual Report, the focus areas of the ICAAP reviews for

2009 were on the five largest banks. Furthermore, future work would focus on the following

during 2010:

• Finalisation of ICAAP reviews of smaller banks

• Commencement of ICAAP reviews of branches of foreign institutions.

The general consensus on the small banks’ ICAAPs is that, in most of the cases, risk

management processes are in place, but their articulation in the ICAAP document is poor.

Pertinent risk areas for smaller banks operating in niche areas of expertise that require more

attention include concentration risk, interest rate risk in the banking book and business risk. As

regards larger banks, ICAAPs are constantly improved upon and refined. Credit risk remained

the most significant risk area for larger banks.

2.6.2 Overview of the analysis of unsecured retail loans

in the South African industry and the level of

capital to be held by banks that adopt different

approaches to measure credit risk

During 2009–10, the Department conducted ICAAP on-site reviews at banks whose main

business is that of granting unsecured finance in the retail market. These banks did not have

sufficient internal data to enable the comparison between the IRB approach and STA. The

banks encouraged to move operational risk towards the act of managing risk rather than merely keeping score

the Department conducted ICAAP on-site reviews at banks


comparison was necessary in order to assess the sufficiency of capital held by banks that apply

STA in this particular market segment.

Subsequent to the ICAAP on-site reviews, the Department conducted an industry analysis of

banks that had adopted the IRB approach in South Africa. The analysis included unsecured

retail loans, less than R30 000, including loans where the maximum National Credit Act (NCA)

interest rates were charged. The aforementioned industry analysis showed that the amount of

capital held by IRB banks was significantly more than the amount held by banks on the STA,

with similar portfolios. Furthermore, in order to ensure level playing fields, these data would be

used to determine the individual capital requirements for banks on STA in the same niche market.

Based on the review of the aforementioned unsecured lending books of three large IRB banks,

it was evident that the three banks that applied the IRB approach held 3,13 times more required

RWAs than banks that had adopted STA.

It should be noted that the above-mentioned study only attempted to ascertain the sufficiency

of capital requirements relating to credit risk, and excluded other risk areas such as operational

risk, business risk and concentration risk.

2.6.3 Capital floors

Directive 9/2009 issued in terms of section 6(6) of the Banks Act, 1990 requires banks to be

subject to capital floors in their first four years of implementing IRB approaches for credit or the

AMA for operational risk. Capital floors were put in place in order to ensure that large amounts

of capital were not released when banks adopted more advanced approaches in respect of

credit risk and operational risk.

In respect of banks that had adopted the IRB approach since 1 January 2008, the capital

floor requirement was based on 95 per cent of the Basel I figure. Since 1 January 2010 the

requirement has been reduced to 90 per cent.

The Department monitored the capital floor reporting by banks during the year under review

and in certain instances requested the external auditors to review the accuracy of capital floor

calculations. Three banks were required to hold more capital during various reporting periods

in 2010, in order to comply with capital floor requirements.

2.6.4 Participation in the Basel Committee (Basel III)

Quantitative Impact Study

As a member of the Basel Committee, South Africa participated in the comprehensive quantitative

impact assessment. A total of seven locally registered South African banks were requested to take

part in the assessment. The selected banks and their dedicated employees were instrumental in

ensuring South Africa’s successful participation in the aforementioned exercise.

Participating banks first submitted data on 30 April 2010, whereafter the Basel Committee

required that they submit additional data. All South African banks submitted the required data

on time; the deadline for the submission of completed templates containing additional data to

this Office was 23 September 2010. Notwithstanding the tight deadlines, all participating bank

submissions and corrections were made on time.

It was of the utmost importance that the Department received accurate data from participating

banks for onward transmission to the Basel Committee. Therefore, the following actions were taken:

• South African banks participating in the impact assessment were requested to comment on

the accuracy of the proposed templates and instruction document, before the final

documents were released by the Basel Committee.

• In order to ensure that banks understood what was required and to clarify interpretational

issues on the templates, the Department collated questions from participating banks and

provided responses to those questions. On 18 March 2010 a workshop was held with all

participating banks to clarify and discuss interpretational issues.

industry analysis of banks that adopted the IRB approach

capital floor reporting by banks

comprehensive quantitative impact assessment


• Meetings were held with participating banks, where the preliminary results of their

submissions were discussed and so too final corrections, where necessary, before the data

were sent to the Basel Committee in May 2010.

• The Basel Committee’s list of frequently asked questions was released to participating

banks, as and when it was updated. The extensive question-and-answer documents

ensured that the submission templates were completed in a uniform manner, thereby

facilitating comparison between global banks.

• The Department and members of the various working groups of the Basel Committee

received the data.

The data collected in comprehensive quantitative impact assessments were used by the Basel

Committee to determine the final calibration of the new Basel III requirements. The impact

assessment also gauged what the impact of the Basel III rules would be on participating banks

and participating countries.

The final outcome of the work done by the QIS Working Group, the PDG and the Basel

Committee was the Basel III rules that were subsequently published by the Basel Committee in

2010, together with a public report on the data collected.9

2.6.5 Overview of Basel Committee press releases or

papers relating to capital, and the

Department’s comments

The Basel Committee issued the following consultative documents and requested comments

thereon:

• “Strengthening the Resilience of the Banking Sector (December 2009)”

• “Countercyclical Capital Buffer Proposal (July 2010)”

• “Basel Committee Proposal to Ensure the Loss Absorbency of Regulatory Capital at the

Point of Non-Viability (August 2010)”

• “Capitalisation of Bank Exposures to Central Counterparties (December 2010)”.

The aforementioned consultative documents contained proposed regulatory capital-adequacy

rules that would impact on the current regulatory and supervisory framework in South Africa.

Furthermore, as a member of the Basel Committee, South Africa would be expected to

implement the proposals once they have been finalised.

It was therefore necessary and important for the South African banking sector to respond to

these proposals, highlighting the potential effects on both themselves and the industry, and

setting out practical aspects to be considered with respect to their implementation. In this

regard, the Department facilitated a sector response to the Basel Committee.

2.7 Pillar 3: Disclosure

2.7.1 Introduction

Following the FSB’s release of a document titled “Thematic Review on Risk Disclosures by

Market Participants” in June 2010, the Department provided input by means of a review

template on the thematic review of the implementation by FSB member jurisdictions of the

risk disclosure recommendations of the April 2008 FSB Report on Enhancing Market and

Institutional Resilience.

The review template was structured around the three recommendations contained in the above-

mentioned FSB 2008 report.

9 Available at: http://www.bis.org/list/basel3/index.htm.

Basel Committee to determine the final calibration of Basel III requirements

South Africa to implement proposals once they have been finalised


Part 1 on recommendation III.1 of the April 2008 report enquired about supervisory dialogue

with firms involved in leading-practice risk disclosures to the public, and the extent to which

these firms had made the identified disclosures in 2008 and subsequent periods.

Part 2 on recommendation III.2 was based on industry efforts to identify the principles for useful

risk disclosures, or to identify any specific additional recommended disclosures, going forward.

Part 3 on recommendation III.3 questioned the steps taken or planned by supervisors to

implement the Basel II Pillar 3 disclosure enhancements recommended by the Basel Committee

in July 2009 by the end of 2010.

2.7.2 Overview of the process of assessing disclosure

The process followed in assessing the Pillar 3 disclosure of banks comprised the following steps:

Step 1: The Department reviewed banks’ disclosures as published on their websites and as

part of their annual reports.

Step 2: The disclosures were benchmarked against the requirements of regulation 43 of the

Regulations relating to Banks.

Step 3: The Department provided feedback on the banks’ disclosures during structured

meetings, and gaps identified with regard to these disclosures were highlighted.

Step 4: A letter summarising all the findings was sent to each bank for its comments on the

overall assessment and feedback on the steps it intended to implement in order to

ensure full compliance with the disclosure requirements.

Step 5: The banks’ responses were analysed, and their compliance with the requirements was

followed up in future disclosures to determine whether the specific identified gaps and/

or areas of non-compliance had since been rectified.

The Pillar 3 disclosure reviews focused on large banks and some of the medium-sized banks

in South Africa. A disclosure template was developed and used for the aforementioned

benchmarking exercise. The key objective of the Pillar 3 reviews performed by the Department

was to assist banks in complying with all the disclosure requirements that were applicable to

them by identifying gaps and making appropriate recommendations.

2.7.3 Key findings

The Department noted a marked improvement in the level of public disclosure by banks since

the January 2008 Basel II implementation date. All the banks reviewed during 2010 were

found to be taking appropriate steps to move towards full compliance with the requirements

of regulation 43 of the Regulations relating to Banks. However, the Department identified the

following common disclosure weaknesses:

• Most of the banks did not disclose the differences between the manner in which the entities

within the group were consolidated for accounting and for regulatory purposes.

• Bank capital requirements for all the different risk areas were not disclosed in the required

format; RWAs instead of capital requirements were disclosed.

• With regard to credit risk the following was noted:

– The non-disclosure of banks’ average amount of gross exposure during the reporting

period, which amount should be calculated on a daily average basis

– In the case of disclosure of the maturity breakdown of the bank’s credit portfolio, which should

be based on the residual contractual maturity of the said exposures, it was found that in most

cases banks were not disclosing the information for each major type of credit exposure

– In the case of historical information, it was found that banks that had adopted the IRB

approach for measurement of credit risk did not disclose quantitative information relating

to historical results on the amount of actual losses (i.e., amounts written off and specific

disclosure template was developed and used for benchmarking exercise

the Department identified common disclosure weaknesses


provisions raised) in respect of the period preceding the current financial year, including

sufficiently detailed information in respect of

º the extent to which the loss amounts differed from the past experience and the factors

that impacted on the bank’s loss experience; and

° a comparison between the bank’s risk estimates and actual outcome over a sufficiently

long period to assess the bank’s internal rating processes with reasons for any material

differences

• With respect to market risk, some banks did not disclose the cumulative amount of gains or

losses they had realised from the sale or liquidation of positions held in the bank’s banking

book during the current reporting period.

2.8 Stress testing

2.8.1 Introduction

‘Stress testing’, as defined by the BIS, is a risk management technique that is used to evaluate

the potential effects of a specific event and/or movement in a set of financial variables on an

institution’s financial condition. As financial resources fall and as requirements for these resources

are likely to rise in times of stress, stress testing is a key tool used by regulators for understanding

the appropriate level of resources required to ensure that banks remain solvent and liquid during

difficult times. From a supervisory perspective, it is of paramount importance that the Department

objectively establishes that South African banks are capitalised adequately. In this regard, the

capital buffer, as confirmed in the stress-testing approach, forms a major element.

It is necessary for banks and other financial institutions to hold sufficient capital and liquidity

buffers to protect themselves against severe unexpected events. Shareholders, investors and

depositors need to be confident that the banking system will not become distressed to the point

of failure, whatever the future state of the economy. Stress testing is an important input to the

capital-adequacy assessment process and decisions concerning the adequacy of capital buffers.

2.8.2 Overview of common scenario stress-testing exercise

Performing stress testing based on common scenarios is one of the principles for sound stress

testing as outlined by the BIS. During 2010, the Department performed a common scenario

stress-testing exercise on the South African banking system. A common scenario exercise

requires all participating entities to apply the same scenarios, whereas the banks may perform

internal stress-testing exercises using bespoke scenarios.

The overall objective of the exercise was to identify and assess the vulnerabilities of the South

African banking system under different plausible stressed macroeconomic scenarios. Each

participating bank independently applied the set of common macroeconomic scenarios

provided by the Department, and the Department collated and compared the results. The

results were measured in terms of the impact of the scenarios on the capital-adequacy and

liquidity profile of the banking system.

Participating banks’ results were aggregated to provide a view of the total banking industry’s

vulnerabilities. Since factors such as size, complexity, business models and risk profile are built

into the results of each bank, the aggregate results presented in this report cannot be directly

linked to individual banks. Since the participating banks, being the five largest banks, represent

approximately 90 per cent of the South African banking sector, the results of the stress-testing

exercise can be interpreted as being representative of the total banking sector.

2.8.3 Process followed

The exercise targeted the macroeconomic effects at the South African banking group level,

excluding insurance entities, and as alluded to above, the scope was limited to the five largest

South African banks representing the majority of the balance-sheet size of the banking system.

stress testing is an important input

banks independently applied the set of common macroeconomic scenarios


Workshops were held with participating banks in order to ensure that there was consistency

in translating the scenarios to internal risk parameters. Using internal risk models and granular

portfolio data, banks generated financial results reflecting the impact of the stress scenarios.

The exercise was conducted with the assumption that the regulatory environment would remain

unchanged, since the Basel Committee was still finalising Basel III reforms. Performing the

exercise with the assumption that the Basel III reforms are effective may yield different results.

The stress scenarios were orientated to elicit the effects of stress on credit risk, market risk,

counterparty credit risk, interest-rate risk in the banking book (IRRBB) and liquidity risk. Credit

risk and IRRBB were stressed via macroeconomic scenarios, whereas the balance of the risk

types was stressed using event type scenarios.

2.8.4 Development of scenarios

The scenarios were developed in two phases. In the first phase, workshops focused on

developing a list of financial variables for each scenario. Thirteen variables were selected for the

three macroeconomic scenarios; twenty-six event scenarios were developed for market and

counterparty credit risk, and two event scenarios for liquidity risk. During the second phase, the

Department, in consultation with other departments in the Bank, quantified each variable for the

different scenarios, with a view to creating economically consistent scenarios.

The first scenario generated was the base case scenario, an expectation of how the economy

may evolve over the three years (from 2010 to 2012) from the start of the exercise. This scenario

is required to measure the impact of the stressed scenarios from the base case. The base case

is characterised by a slow return to normal growth, inflation close to the upper target band and

moderate interest rates.

In scenario 1 there is a mild decline in GDP growth, and inflation is above the upper target band

due to the larger-than-expected second-round effects of electricity price increases, interest

rates increase and property price growth slows. However, owing to the short duration of the

stress, limited policy intervention is required in 2011–12.

Scenario 2 is characterised by a rapid decline in output due to an escalation of the global debt

crisis. However, owing to the lower base in 2009, the average over 2010 remains positive.

Interest rate spreads widen (mostly due to the lack of confidence in the global financial system),

causing an increasing interest rate environment. This, coupled with the limited ability of South

Africa’s major trading partners to implement expansionary fiscal and monetary policy, slows the

domestic recovery.

The scenarios for market and counterparty credit risk broadly address the effects of shocks in

interest rates; the price of equity, currency and commodities; counterparty risk; and issuer failure.

2.8.5 Results of the common scenario stress-testing

exercise

2.8.5.1 Credit risk

Table 2.1 illustrates the effects of the three scenarios on loans and advances. Lower levels of

loans and advances result under the more severe scenarios. Growth declines for both stressed

scenarios in year 2 (2011), by 1 per cent for scenario 1 and 12 per cent for scenario 2.

scenarios were developed in two phases

Table 2.1 Loans and advances over time for all scenarios

Base Scenario 1 Scenario 2

Loans and advances

Growth(per cent)

Loans and advances

Growth(per cent)

Loans and advances

Growth(per cent)

2010......................................... 2,837 2,743 2,656

2011......................................... 3,155 11 2,703 -1 2,332 -12

2012......................................... 3,491 11 2,903 4 2,418 6


2012201120101,0

1,5

2,0

2,5

3,0

3,5

4,0

4,5

Base Scenario 1

Per cent

Scenario 2

Figure 2.3 Impairments as a percentage of loans and advances

Figure 2.3 illustrates the impairment ratio, that is, total impairments as a percentage of gross

loans and advances, for each scenario over time. The impairment ratio remains virtually

unchanged for the base case, increasing slightly from 2,07 per cent to 2,09 per cent. The impact

of the deteriorated macroeconomic conditions on the credit risk exposures can be observed

by the increase in the impairment ratio for scenario 2 from 2,58 to 3,88 per cent in 2012, almost

double the ratio for the base case.

The rand amount of the credit losses for each scenario is depicted in Figure 2.4. Only the

credit losses for scenario 2 exhibited substantial change, increasing from R30 billion in 2010 to

R42 billion in 2012.

credit losses for scenario 2 increased

Scenario 2Scenario 1Base0

10

20

30

40

50

2010 2011

R billions

2012

Figure 2.4 Credit losses


2.8.5.2 Market and counterparty credit risk

The market and counterparty credit risk scenarios that led to a loss for the industry were

aggregated and assumed to realise in 2010. This aggregated loss was subtracted from the

available capital and is depicted as the red data series in Figure 2.5.

Such a simultaneous occurrence of multiple stress events occurring is highly unlikely. However,

the banking system remained adequately capitalised.

2.8.5.3 Liquidity risk

Liquidity risk was assessed via the LCR, which measures the ratio of available high-quality liquid

assets to the net cash outflows expected over a 30-day period of system-wide stress, and the

aggregation assumed that the cash outflows were to parties outside the banking sector. Two

different liquid asset stress scenario definitions were used: (i) baseline narrow and (ii) baseline

broad. The difference between the scenarios is the inclusion of bonds in the broad scenario.

The results of the exercise are illustrated in Table 2.2.

The ratios are similar under both scenarios, as the broad definition includes only an additional

R2 billion of liquid assets. These ratios fail to meet the target of 100 per cent.

2.8.5.4 Profitability and capital adequacy

The net interest income increase for all the scenarios over time, offsetting to some degree the

credit losses discussed in section 2.8.5.1, is illustrated in Figure 2.6.

two different liquid asset stress scenario definitions were used

Table 2.2 Liquidity coverage ratio

Baseline narrow Baseline broad

Total liquid assets (R billions) .......................................... 172 174

Net cash outflows (R billions) .......................................... 367 367

Liquidity coverage ratio (per cent) ................................... 46,8 47,4

0

2

4

6

8

10

12

14

16

Capital-adequacy ratio after lossesLoss

Per cent

Figure 2.5 Capital-adequacy ratio after subtraction of losses



The impact of the macroeconomic scenarios on profitability is shown in Figure 2.7. The

profitability under the stress scenarios is lower than that for the base case. However, the system

remains profitable across all years.

The banks remained adequately capitalised throughout the three-year period of the forecast

period, including under the stress scenarios (refer to Figure 2.8).

banks remained adequately capitalised

0

10

20

30

40

50

60

70

80

90

100R billions

Figure 2.6 Net interest income


2010 2011 2012

0

10

20

30

40

50R billions

Figure 2.7 Impact of macroeconomic scenarios on profitability


2010 2011 2012


2.8.6 Conclusion

The required capital emanating from the common scenario stress exercise remains remarkably

stable for credit risk and, with subdued demand for credit, capital requirements remain stable.

Despite a substantial increase in credit risk losses in scenarios 1 and 2, these losses remained

within manageable levels.

The impact of the market risk events is limited. Even including the full set of events, at the worst

possible date, the impact on the capital adequacy is manageable, with banks maintaining a

healthy capital buffer against a stable capital base.

For IRRBB the impact of these scenarios is positive, as it offsets the credit losses associated

with the increased interest rates.

The liquidity risk results show that as a banking system, cash outflows to the extent of the

definition of the LCR would leave the South African banking system with a large shortage of

liquidity. These results, however, do not consider the expected increased liquid assets as the

banking system prepares itself for the implementation of the liquidity risk reforms.

Overall, the capital adequacy of the banking system remained strong in all these scenarios,

both from an aggregate perspective, and a composition and quality perspective. It is important

to state that the impact of the implementation of the Basel III changes is not reflected in these

stress results and that the results might be different once these Basel III reforms have been

implemented.

losses remained within manageable levels

0

2

4

6

8

10

12

14

16Per cent

Figure 2.8 Capital composition


Tiers 2 and 3 Other Tier 1 Core Tier 1

2010 2011 2012 2010 2011 2012 2010 2011 2012

Chapter 2: Promoting the soundness of the banking system ... … · iv. Risk framework • The...

Documents

Transcript of Chapter 2: Promoting the soundness of the banking system ... … · iv. Risk framework • The...